This weeks WordPress news – Covering The Week Commencing 6th May 2019:
Plugins / Themes
Not WordPress, but useful anyway…
Transcript (if available)
These transcripts are created using software, so apologies if there are errors in them.
Nathan Wrigley: 00:00 Hello there. Good morning and welcome to the WP Builds WordPress newsletter number 62 this covers the WordPress news for the week, commencing the 6th of May, 2019 and it was published on Monday the 13th of May, 2019 just a couple of things before we begin our news. Head over to WP Builds.com forward slash subscribe where you can join us on our mailing lists on our Facebook group and you can find links to download the podcast on iTunes and your favorite podcast player had over to WP Builds .com forward slash deals we've got loads and loads of deals on notable WordPress plugins, so go and check it out if you're in the market for some new products forward slash contribute. If you would like to come on the podcast with me and show off something that you have done recently that you're proud of, quite a few people have done that only about 10 15 minutes or so, but maybe it's something that you think might help the wider community and WP Builds .com forward slash advertise if you would like to get your product or service.
Nathan Wrigley: 01:08 On the WP Builds podcast or weekly news and the adverts sound a bit like this. The WP bills newsletter is brought to you today by Kinsta. Are you tired of unreliable or slow hosting? If so, check out Kinsta who takes manage WordPress hosting to the next level powered by the Google cloud platform. All their plans include PHP seven ssh and 24 seven experts support, so migrate today for free at Kinsta .com and we thank Kinsta for their support of the WP Builds podcast because it certainly helps enable me to do this each and every week. Okie dokie. Let's get stuck into the news for this week then shall we? It's blocked into sections as normal and the first section this week including two articles is all about WordPress core. Now you'll probably know this week that WordPress updated to version 5.2 we've been going on about it quite a lot. All of its beta releases.
Nathan Wrigley: 02:14 What we've now got the final release and it's called Jaco after jazz bassist Jaco Pastorius. I've got the WordPress.org article and I've also linked to the WP Tavern equivalent right up, and I'll just mention the salient points. All of this is stuff that we've been talking about for the last few weeks. So if you've listened to this news edition of the WP Builds podcast, then you'll know all about it. The first thing to say is that there were 327 contributors. It was led by Matt Mullenweg, Josefa, Hayden and Gary Pendergast and uh, yeah, lots and lots of people helping out. The salient points are you now must have PHP 5.6 0.2 if you would like to use this. If you don't have that, it simply won't update. There's now the additional site health check, it's under tools, site health, and if you've updated a website, it's actually quite nice to find something brand new in WordPress core and you can go in there and as soon as you go into tools, site health, it starts to run.
Nathan Wrigley: 03:19 It's magic and it begins taking data on your site and spits out a health score, something in the region of you know, 70 80% something along those lines just gives you a visual indication of things that need fixing. So for example, it might say that there's a critical issue that you need to fix straight away. I don't know. Perhaps a plugin is completely out of date and then there's a whole bunch of recommended improvements and it's things like have you got inactive themes? Inactive plugins is your PHP version, not, not the very latest. Maybe your SQL version is not the very latest is very useful. Actually there are two tabs, there's one called status and one called Info and a and you can click on both of those. The Info one provides a lot more detail, a lot more granularity, but very, very interesting indeed and hopefully this will be useful for people who are just end users of websites and they'll have some way of seeing what's going on and perhaps learning a little bit more about WordPress, which would be lovely.
Nathan Wrigley: 04:14 It's also includes fatal error protection as we've mentioned before. So if things go really wrong, hopefully you won't get the white screen of death and you can enter the recovery mode. I suppose in a way this is designed again for users who don't have the expertise to go in and fix their own problems, but at least they can then pass it over to the administrator who will get some notion of what's going on. The administrator can deactivate themes or plugins, they can fix problems if they have technical capabilities and administrators can find a file, a file of support requests with the developer pointing out the error. Very useful indeed. So wonderful, wonderful news to get 5.2 finally. Um, and a lot of Nice improvements along the way. As I said, two articles mentioned WordPress.org and WP Tavern. So go and check those out. I'm sure you've updated if you haven't maybe go and do that right away.
Nathan Wrigley: 05:08 There's absolutely no reason not to. I've updated all of my sites with no problems whatsoever, although I did hear in the WP Builds Facebook group that a couple of couple of problems, very, very few small edge cases. But I don't think anything serious. So go and get things updated, right? The next bunch are under the banner of community. And the first one that I'm going to mention today comes on the WP Tavern website and it's called WordPress designers explore proposal to simplify WP admin navigation. Now, it never really occurred to me that the WP Admin, now when I say this, I'm talking about the bar that runs down the left hand side of the page. Never really occurred to me that that was anything other than fantastic until I saw this post and it was saying that this was this idea of the way it looks now was included, uh, in WordPress 3.8 in 2013.
Nathan Wrigley: 05:59 And this proposal is a new way to organize that admin menu. And basically it's one giant accordion menu. Now each, each item could be put under be a parent of, for example, it might be site, there might be a parent item of site And under there you've got pages, posts, media comments and so on. And then you might have a design accordion header and under there might be edit templates, themes, widgets, menus, customize and so on. It seems now that I see it so self evidently quite a good thing to do primarily because of the ability to, to make this much more friendly on mobile because obviously a fly out menu that we have at the moment is really difficult to use on a mobile device. And also the fact that it can all be incorporated into one menu means that that that menu itself can be a little bit wider because the fly don't need to be taken into account, which in turn means that the font size in that menu could be significantly bigger.
Nathan Wrigley: 06:59 I think they're mooting font size, possibly 14. So yeah, I think this is a really interesting idea of what it reminds me of is the, the menu in the block editor Gutenberg it reminds me of very much of that. Uh, so if you really strongly dislike the accordions in the block editor, this probably will, will be something you, you don't wants to come into core. But if you like it, then maybe, maybe this is something that you want to look at. Anyway, it's just a proposal at the moment. It's just an idea, but certainly worth mentioning on our news today. Okay, next one. Very briefly, I'm going to mention again on WP Tavern, Gutenberg Plugin for October CMS. Now in beta a few weeks ago, we talked about Lauraberg had Gothenburg implementation for Laravel will. Now there is a CMS that I didn't know about called October CMS and whilst it represents a tiny fraction of the overall marketplace, it's growing, they've got 700 themes and plugins and they have ported Gutenberg into that CMS.
Nathan Wrigley: 08:00 Now, obviously it doesn't have all of the capabilities that it does in WordPress because of the huge quantity of work that's been done making it WordPress compatible. Nevertheless, it's just a, a nice example as we've seen with Drupal that this project to the Gutenberg project is possibly going to become CMS agnostic and possibly going to become a user interface, which many CMS is and therefore many, many people will be exposed to and it might become sort of some kind of default. So That's interesting, isn't it? Okay. If you're into your conferences and you'd like to do conferences in the real world, you may know about WordSesh, which is an online conference. You can go, um, without leaving the comfort of your own home. You can attend WordSesh. Well, now we have the speaker possibilities. Registration is now open, so you can go and register.
Nathan Wrigley: 08:56 I don't know if it's, I'm registering for speakers. In fact, I think maybe the speakers have already been organized. Nevertheless, you can go and register and get yourself onto that event is happening very soon. It's happening on May the 22nd. And normally we talk about where it's going to be hosted. Well, there isn't aware, although a little community of, of people who want to gather together in the real world to attend this as grown. So for example, there's a, there's a meetup for this in Nigeria, Minneapolis, Mumbai, Palm Beach, and Arizona. So, you know, it could become a real world event, but you could, uh, you could do this wherever you wanted. So anyway, there we go. If you're into word Sesh, go get your go get your seat reserved as it were. Now, this article is breathtakingly long and I'm not even going to try to dissect it.
Nathan Wrigley: 09:46 It is enormous. It's by a review signal. Dot. Come on. I know that many of you really nerd out and get really fascinated by the conversation of what is the world's best host. Well, this gigantic piece of work tries to answer that question. Now, in order to make it a little bit more fair, they don't lump all of the hosts together. They have six categories based upon the amount that is charged for their service. And then it goes into so much detail. They test it against every single criteria you could possibly imagine. They explain the methodology of what they're doing, they explain the configuration and all of the different tests that they're performing, how they're all wrong, how often they're wrong, what code they're using to run. Um, I guess in the interest of being open, they're trying to explain how this is fair and then they go on to explain in each price category which ones stood up very well.
Nathan Wrigley: 10:42 Again, I'm not going to tell you all of that. You can go and find that out for yourself. But if you are seriously into geeking out on hosting and you want to find the best thing, this seems like a very, very decent place to begin. Okay. So this year in Berlin we have WordCamp Europe and at WordCamp Europe, um, we're going to have a talk about what skills are involved in being a professional WordPress person in the year 2019 and WP Tavern has an article entitled WordPress professionals take the future of WordPress careers survey. Now, Navena, Tomovich, a business manager at human made is conducting this research and she's going to explain what this survey has, has led her to, uh, at the Berlin WordCamp. But in order, in order for her to get that data, she needs people like you and people like I had to go and fill out her survey.
Nathan Wrigley: 11:42 So there's no results yet. But essentially they would, she would like to know what it is that we spend our time doing. What skills do we need? What are we doing day in, day out. So go over to this article and you will be able to find links to the survey and therefore help out and hopefully it will make it clear to you at least because you in your splendid isolation, might not know what the most desirable skills are, but she's hoping to find that out. Yoast, the famous SEO Company have released a new SEO copyright to training course. I say new, it's an adaptation and amendment of a previous course, but it's they're claiming that it's more hands on. I confess, I haven't read through or gone through any of their materials before, but they've relaunched it and for a very short period of time, they're claiming that you'll be able to get $20 off.
Nathan Wrigley: 12:34 So instead of, sorry, 20 pounds off in my case. So instead of it being 129 pounds, sorry, instead of it being 149 pounds, it's currently 129 pounds excluding tax. I don't know how long that's going to last, but this is all about SEO copywriting. So part of your job is to write search engine friendly content for your blog. Then this might be something that you need to know because this stuff is not necessarily straightforward to just go check it out. Bit of a talking point. This next one, it's over on the talk mag.io page and the article is in called is called what should you recommend clients use a page builder or the block editor. Now I think I know for me what the answer is, you probably know for you what the answer is and the answer is it depends on the use. If it's a very simple blog post with just carriage returns and paragraphs, then perhaps it's the block editor.
Nathan Wrigley: 13:31 If it's something more complicated, then it's a page builder and it might be something that you want to put in front of your clients. If they're wavering and they've kind of got this idea that they want to do everything with with the block editor. While this might be an article that you want to to show to them to show the benefits of one over the other, it's not really news. I'm sorry about it, but I thought it was worth including simply because of its its value at the moment where we're trying to decide what should we use going forwards. Beaver builder have got a plugin, it's been out for a little while now and it's called assistance and it enables you, as we've spoken about before, it enables you to take a bunch of the admin tasks from your WordPress site and do them all in a little menu which pops out from the right hand side.
Nathan Wrigley: 14:15 It occupies the whole right of the Admin area. Um, and it really, it's a platform for developers in the future too to bolt their, their tasks into. So for example, you can update featured images and change the change, the title of posts and things like that. But the sky's the limit if people get into building for the assistant and over at WordCamp Orange County, there was a, a plugin, a Palooza competition and beaver builder's assistant one it. So there we go. Just a little hat tip to them. Well done for all their hard work on that particular plugin. Okay. Three bits of news to do with security and I confessed some of them going completely over my head to this week. The first one is over on the security blog and it's entitled persistent x s s Avia, c s r f in WP meta and date remover and it says during regular research old it's for our security firewall.
Nathan Wrigley: 15:12 We discovered a cross site request forgery leading to a persistent cross site scripting vulnerability affecting 70,000 users of the WP meta and date. Remove a plugin for WordPress. Essentially if you are using this plugin you need to update 7th of May. The update rolled out and I don't really know how bad this particular vulnerability is, but the advice over there is to update it as soon as possible so that you aren't in danger of being attacked in that way. The next one is over on the paragon initiative website which is a paragon which is p a r a g o n e.com and this is just, it's just really interesting to me and it really hadn't occurred to me. It's called the supply chain attack. The article in, in this case it's called WordPress 5.2 mitigating supply chain attacks against 33% of the Internet and apparently Wordfence last year discovered that there was a vulnerability at unexploited but a vulnerability nonetheless on the infrastructure which updates WordPress core out to all of us.
Nathan Wrigley: 16:27 So for example, the updates of 5.2 was handled using this infrastructure. And can you imagine if somebody managed to hack that infrastructure and was able to therefore push out a hacked version of WordPress to 33% of the web? Well, it's mind boggling, isn't it? Anyway, rolling out in WordPress 5.2 we have some new features which make this vulnerability harder to exploit essentially. There are now some handshakes going on and this article explains the technical nature of it, but now we've got some checking in to make sure that this update is in fact coming from a legitimate source. I won't explain how it works, but essentially when you update WordPress, your installation of WordPress is going to say, is this really the legitimate copy? And the infrastructure is going to say, yes, this is the legitimate copy. And there'll be, um, secret and public keys exchanged and so on and so forth.
Nathan Wrigley: 17:23 And, and hopefully this in the future will mitigate that attack, which by the grace of God never happened. Okay, last one in the security banner this week is over on seandewolfe .com and it's a w three cash, a vulnerability through salts. Now this is clearly some very expert, um, security researcher I think because he doesn't write in a way which is obvious to me. He writes probably for other security researchers. But essentially if you've got the w three cash plugin, that is a very peculiar way of exploiting that. You need to, you need to read this and try to digest it, but it's all about faking the salts, which are in your WP config file. Um, go and update to basically go and read this article. If hardcore security is your thing, it's very short, but it gives you an idea of how this strange kind of attack can happen.
Nathan Wrigley: 18:23 Fascinating stuff. Okay, let's move on to plugins and themes. There's rather a lot of this this week, so let's get stuck straight into it. The first one is to say that ACF advanced custom fields has updated to 5.8 2.0 and they've got this fabulous new PHP blocks for Gothenburg. It very difficult to explain, but beautifully, beautifully executed by Elliot Condon who has been on the podcast and number of times the the, the takeaway is basically if you want to create your own ACF blocks, you can do that trivially. You don't really need to know anything about Java script. So for example, the demonstration that he uses, he makes a block like a testimonial block and then the editor of the block editor menu on the right hand side has all of the sections that he needs to fill that out, including a picture, a title, the testimonial itself and a color and it's all done using ACF blocks.
Nathan Wrigley: 20:33 So again, Bravo to toolset. Okay. WPMU Dev this week announced, um, that they were going to stop working on 90% of their premium plugins. If you're WPMU Dev, then you'll be used to seeing a slew of plugins, many of which have not really been updated all that much in a long time and they're going to be focusing on their core products from now on. And dropping a whole bunch of things. So for example, ProSites is going away, market press is going away, costs press membership pro two and so on all going away and they're going to be focusing on the usual things. So hummingbird defender, their new hosting offering, um, smush and so on. So if you're a member, probably it would be wise to look into where you have deployed there. Deprecated plugins, they're going over onto get hubs so they're still be available but they're not going to be updated.
Nathan Wrigley: 21:29 So you may wish to look at that. Um, this news, I think it was mixed fairly, fairly broadly. Well that is to say, I think most people saw that the plugins, we're just a bit of a time suck. And that's what the, the company themselves were saying they're going to be concentrating harder on updating their plugins and this will allow them to do that without trying to update lots and lots and lots of plugins, which didn't really get much use. Speaking of updating WPMU Dev plugins, hummingbird 2.0 has come around, that's their, that's their speed optimization plugin. And they've got a few points of order in there. So for example, now you are able to check your, your metrics against your site for the mobile version as well as the desktop version. So you could say for example, I only want to see specific information about how it's, how my site is doing on desktop or mobile or both.
Nathan Wrigley: 22:28 This is going to work with multisite installations as well and a couple of other minor points. But essentially that's the takeaway. So again, another nice updates to hummingbird oxygen. The page builder has rolled out version 2.3 they've got a modal pop up included now as well as a user design library. And it's very easy for me to say this, but I think these two, these two updates are very, very good indeed. There's a video on the website. If you follow the link, there's a video which shows you in about 10 minutes. What all this means. The most exciting one is for me not the modal popup. It's the the user design library. And this enables you to export and import all of your design library. So all of the rows and the bits that you've created in oxygen, you can then export those. I'm wondering if this is going to become a bit of a commercial thing in the, you know if you spend ages curating a really great a design library for oxygen, I'm wondering if you might be able to in the future create keys for people so that they can update them and upload them into their own sites.
Nathan Wrigley: 23:36 At the moment, the key looks like it's a one off, meaning that if you share that publicly everybody would have access to all that stuff so it's not going to be on a per site basis, but maybe that will be changed and it will become a commercial possibility, but certainly a very, very nice update indeed. Okay. Now on the WP Tavern, again, new membership block coming to jetpack site health and debug Info added to version 7.3 so 7.3 jetpack is now the version number and they've integrated, as we said earlier, they've integrated site health checks, which is quite useful. They've also added this new thing called the membership and block, which I think is kind of overselling it cause to me membership implies kind of user permissions and the ability to get access to various things. Really, I think this block ought to simply being called recurring donations block or something.
Nathan Wrigley: 24:30 Essentially it allows you, if you're a jet pack member to add a block to your site, which integrates with stripe and allows people to donate on a recurring basis money to you. So if you've got jet pack and you need to have a donate feature, oh there you go. You've now got it. So we have again on the WP Tavern website, thanks to the WP Tavern website, they are a trusted source indeed. Theme Review Team leadership implements controversial changes to trusted authors program requiring theme reviews in exchange for making themes live slightly controversial because of the fact that they were struggling to keep up with theme reviews. They launched this trusted authors program and it would have enabled you to fast track your own theme launches into the repository by reviewing other themes, not child themes, actual parent themes. The idea being that they would encourage people who had a need to get their stuff into to go out and review others' well now it would seem that you've got to keep that process going so you must keep adding reviews in order to to get to your stuff fast tracked in the future.
Nathan Wrigley: 25:43 Now obviously this is a bit of a conflict of interest potentially as just in Tadlock says on in this article because it's a bit like a pay to play model and I don't know what I think about this. Obviously we needed some way of getting bodies and eyeballs onto this, but I don't know if this is the right solution to it, but with so many thing developers trying to get their stuff in the repo, maybe this is what we're going to have to have in the future. Some way of making sure that they, they pay their way. If you like. This next article is entitled to Tabor Theme now available as a free Gatsby theme for WordPress and it says Gatsby WordPress themes. A project launched earlier this year by a group of collaborators, collaborators has just released its second free theme. The team is led by Gat speed and graph QL Aficionados, Zac Gordon, Jason Barlow and Mohammed Merson and Alexandro Spoleto.
Nathan Wrigley: 26:37 Um, and here we have a theme Tableau for Gatsby which has been added in. Now this is fascinating, I have no experience using Gatsby, but if you look at their demos, they are unbelievably fast. I mean literally lightening fast. So maybe this is something that people want to play with if they're really into the theme space and they've got the chops to learn how things work on Gatsby. But, um, it's not something I've played with, but here we are and we've got some new things, new toys for you to go and inspect if this is your thing. And I am literally blown away by house, how quickly those those sites load plaintext though they are, it's still amazingly impressive. Okay. If you use the Amazon s se, well it's called WP offload ses, but it uses Amazon's ses infrastructure to send out your emails while they've now added multisite capabilities.
Nathan Wrigley: 27:37 So that if you've got say 10 multisites, each of those can have different Api keys for different locations. Sending out with Amazon's simple email service. I've used ses quite a bit in the past and it's a great way to offload your emails for a ridiculously cheap costs. I think it's one us sent per thousand emails, something like that. Anyway, now this plug in supports multisite rather than running off the one installation Beaver Builder, a layer slider is our last plugin or theme bit of news today. I have nothing to add about this. Apart from that, there is a plugin called beaver builder layer slider. It does apparently exactly what you'd expect. I haven't used it. I haven't tried it, but it's available now and you can go and explore at your own leisure. Okay. We have a section here called WP Builds and we've only got one thing to add this week and that is to say that I did an interview this week with Robert Abela who has a plugin called WP security audit log, which records just about everything that can possibly be recorded in your WordPress website.
Nathan Wrigley: 28:46 The idea being that if things go wrong, you've got a log and certainly if you've got multiple users and you need to keep track of everything that's being done for possible security reasons or just out of interest, then he's explaining how it works and what you can do with it. How our final section today is not about WordPress but hopefully something of interest to you. Anyway. The first one is over on the g suite update.google blog.com website and it's an update, a beta trial in Gmail of dynamic content in email. This is really breathtakingly fascinating. I'm a heavy user of email, but obviously traditionally apart from animated gifs which have only recently started to permeate into my inbox, everything was static. Well, Google are planning to implement amp accelerated mobile pages into the content of emails. In other words, you could create content and anybody with the email would get the updated content that you changed.
Nathan Wrigley: 29:47 So I don't know. You might, you might make a little webpage with some details about an event and if that changes, you don't need to email everybody again because you can just change your page and it will, it will work and the email will contain the new version. This is absolutely fascinating. So I think really now that so many people are using a web browser based interface for accessing their email, this kind of stuff feels like it was destined to happen. But I'm glad to see that somebody is putting some thought into it. Facebook, I've got quite a few updates this week. They've launched some new tools for small businesses kind of smacks of Facebook taking over the world, but now if you want to run ads, Facebook are going to be able to allow you to do that automatically. So they're going to automate the whole process, including creating six variations of ads.
Nathan Wrigley: 30:35 They're going to recommend the audience for you based upon data that they've got about your page. They're going to recommend a budget cough and they're going to keep you updated about how the ad adverts perform. So you know, if you're not an expert, this might be a good way of sinking a few dollars in Facebook's direction and seeing if you get a decent return. And you know, I expect that they'll have to do their due diligence and make sure that it is actually performance and not just ripping people off. They'll also creating an appointment management tools so you'll be able to accept appointments online, send reminders to customers through messenger or text message, customize or list of search search services, availability hours and sync it with your calendars. And also they're adding capabilities to their video editing. You'll be automatically cropping things now, trimming things and putting images and text overlays over your video.
Nathan Wrigley: 31:27 So more stuff in Facebook, more reasons never to leave this. We could Google io, they demonstrated a new feature which is going to be put into their search results and that's augumented reality that had a great demonstration. They, they asked to see what a particular shark looked like, and rather than just showing some images, what it did was it created a, I sort of three d representation of that shark, and then it floated it. You could actually see it moving in the search results pages in a side, a little box, but then you were able to click a button and you were able to put it via the camera into the area that you were looking at. It give you a real sense of how big the shark was. Now, goodness knows what wizardry was going on to judge how big this was compared to the information, uh, in the camera lens.
Nathan Wrigley: 32:15 But it worked. And it was, it was very, very clever. So no doubt this kind of stuff will be coming to search soon. Very quickly. Google has deprecated. The old keyword planner, I don't often find myself in there, but if you were using the old version and refusing to update to the new version of the wall, that that moment has gone, you've got to use the new version now. And very final piece of news on the verge.com website. The feds take down dark web index and new sites, deep dot Webb. So I don't frequent the dark web. I don't honestly know much about it, but lots of people had been arrested all over the globe, including Israel, France, Germany, and the Netherlands. And this site to deep.to web has been taken down and apparently it was a kind of almost like a Google. It would, it would find things that you wanted to find and point you towards them.
Nathan Wrigley: 33:08 And apparently a lot of this stuff was illicit and they were, you know, sites that were selling things that ought not to be sold anyway. Fascinating. You know, if this is a, an area of the Internet that you're interested in, the, the authorities clearly have a way of getting that stuff if they really wish to. Okay. That was a very long news this week. Apologies about that. I hope you've managed to keep going right to the end. Certainly appreciate you listening. There was a, there was rather a lot to this week. The WP Builds newsletter was brought to you today by Kinsta. Kinsta takes managed WordPress hosting to the next level, powered by the Google cloud platform. Your site is secured like Fort Knox and runs on speed obsessive architecture. You can access to the latest software and developer tools such as PHP seven ssh and staging environments, and the best part, their expert team of WordPress engineers are available 24 seven if you need help, you can migrate today for free at Kinsta Dot Com and as I always say, very grateful to Kinsta for helping us put out this content. It really does make a big difference. Okay, John, you on Thursday for the podcast, and if not, hopefully we'll see you back here on Monday for the weekly news. Bye Bye for now.